agents@0.3.9 vulnerabilities

A home for your AI agents

  • latest version

    0.4.1

  • latest non-vulnerable version

  • first published

    13 years ago

  • latest version published

    1 day ago

  • licenses detected

    • >=0.0.0-35951 <0.0.1; >=0.0.37
  • Direct Vulnerabilities

    Known vulnerabilities in the agents package. This does not include vulnerabilities belonging to this package’s dependencies.

    Vulnerability | Vulnerable Version
    • M
    Cross-site Scripting (XSS)

    agents is a home for your AI agents.

    Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the error_description query parameter in the OAuth callback handler, which is directly interpolated into an HTML script tag without proper escaping. An attacker can execute arbitrary JavaScript in the victim's browser by tricking a user into clicking a crafted link, potentially allowing access to sensitive session data and actions on connected servers.

    Note:

    Developers using configureOAuthCallback with custom error handling in their own applications should ensure all user-controlled input is escaped before interpolation.
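
    The escaping the note above calls for, shown as an added example that is not the agents package's own code: the function names are hypothetical and the callback URL is constructed. It puts the unescaped script-tag interpolation next to a handler that escapes the value for each context it is written into.

```javascript
// Added example; function names are hypothetical, not the agents package's code.

// Vulnerable pattern from the advisory: the value is interpolated into a
// <script> element as-is, so the HTML parser sees any markup it contains.
function renderCallbackErrorUnsafe(errorDescription) {
  return `<script>console.error("OAuth error: ${errorDescription}");</script>`;
}

// JSON.stringify yields a valid JS string literal but leaves "<", ">" and "&"
// intact, so "</script>" inside the value would still end the element.
// Rewriting those characters (and U+2028/U+2029) as \uXXXX keeps the literal
// inert for the HTML parser while the JS engine decodes the same string.
function toScriptLiteral(value) {
  return JSON.stringify(String(value)).replace(
    /[<>&\u2028\u2029]/g,
    (ch) => "\\u" + ch.charCodeAt(0).toString(16).padStart(4, "0")
  );
}

// Escaping for HTML text and quoted-attribute context.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Hardened handler: read the parameter, bound its length, escape per context.
function renderCallbackErrorSafe(callbackUrl) {
  const raw = new URL(callbackUrl).searchParams.get("error_description") ?? "unknown error";
  const description = raw.slice(0, 200);
  return (
    `<p>Authorization failed: ${escapeHtml(description)}</p>` +
    `<script>console.error("OAuth error: " + ${toScriptLiteral(description)});</script>`
  );
}

// Constructed sample callback URL carrying markup in error_description.
const SAMPLE_URL =
  "https://app.example/callback?error=access_denied&error_description=" +
  encodeURIComponent("denied</script><script>probe()</script>");
const SAMPLE_VALUE = new URL(SAMPLE_URL).searchParams.get("error_description");

console.log(renderCallbackErrorUnsafe(SAMPLE_VALUE));
console.log(renderCallbackErrorSafe(SAMPLE_URL));
```

    In the unsafe output the sample value closes the script element early; in the safe output the page still contains exactly one script element, and the string the script logs is identical to the parameter value.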

    How to fix Cross-site Scripting (XSS)?

    Upgrade agents to version 0.3.10 or higher.

    Vulnerable versions: <0.3.10